US9100388B2 - Secure mechanism for obtaining authorization for a discovered location server - Google Patents


Publication number
US9100388B2
Authority
US
United States
Prior art keywords
network
location server
discovered
terminal
access
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US13/762,231
Other languages
English (en)
Other versions
US20130212649A1 (en)
Inventor
Philip Michael Hawkes
Andreas Klaus Wachter
Kirk Allan Burroughs
Stephen William Edge
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qualcomm Inc
Original Assignee
Qualcomm Inc
Priority to US13/762,231 (US9100388B2)
Application filed by Qualcomm Inc
Priority to EP13707947.1A (EP2813054B1)
Priority to CN201380008649.1A (CN104106249B)
Priority to KR1020167010121A (KR20160049035A)
Priority to ES13707947.1T (ES2555169T3)
Priority to PCT/US2013/025447 (WO2013120027A1)
Priority to JP2014556756A (JP5922259B2)
Priority to CN201710397640.4A (CN107257330A)
Priority to KR1020147024980A (KR101615203B1)
Assigned to QUALCOMM INCORPORATED (assignment of assignors interest; see document for details). Assignors: WACHTER, ANDREAS KLAUS; BURROUGHS, KIRK ALLAN; HAWKES, PHILIP MICHAEL; EDGE, STEPHEN WILLIAM
Publication of US20130212649A1
Priority to US14/754,473 (US9467856B2)
Application granted
Publication of US9100388B2
Active
Adjusted expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/102 Entity profiles
    • H04L63/107 Network architectures or network communication protocols for network security for controlling access to devices or network resources wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06 Authentication
    • H04W12/069 Authentication using certificates or pre-shared keys
    • H04W12/08 Access security
    • H04W12/60 Context-dependent security
    • H04W12/63 Location-dependent; Proximity-dependent
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/20 Services signaling; Auxiliary data signalling, i.e. transmitting data via a non-traffic channel

Definitions

  • location solutions and associated location servers that enable and assist such location solutions are becoming more widely deployed.
  • SUPL Secure User Plane Location
  • OMA Open Mobile Alliance
  • CP Control Plane
  • 3GPP 3rd Generation Partnership Project
  • Due to the ever increasing prevalence of mobile devices, location servers can sometimes restrict a user's ability to obtain access to the location server without some form of authentication or authorization. Thus, services provided by the location server may not be readily available to visiting mobile devices at first.
  • a method for obtaining authorized access from a terminal to a discovered location server.
  • the method may include switching from a first network that does not support authenticated access to a home location server by the terminal to a second network that does support authenticated access to the home location server by the terminal.
  • Authenticated access to home location server may be obtained using the second network.
  • Authorization for the discovered location server may then be obtained from the home location server.
  • the terminal may then switch from the second network back to the first network.
  • the terminal may then access the discovered location server using the first network based on the obtained authorization from the home location server.
  • the discovered location server includes a discovered SUPL location platform (D-SLP).
  • the home location server includes a home SUPL location platform (H-SLP).
  • obtaining authenticated access includes using at least one of an alternative client authentication (ACA) mechanism, device certificates, and Generic Bootstrapping Architecture (GBA) to authenticate the terminal by the H-SLP.
  • ACA alternative client authentication
  • GBA Generic Bootstrapping Architecture
  • the first network is a wireless local area network (WLAN).
  • the second network is a network that supports Long Term Evolution (LTE), WCDMA, GSM or cdma2000 HRPD.
  • LTE Long Term Evolution
  • WCDMA Wideband Code Division Multiple Access
  • GSM Global System for Mobile communications
  • a terminal for obtaining authorized access to a discovered location server may include a transceiver configured to switch from a first network that does not support authenticated access to a home location server by the terminal to a second network that does support authenticated access to the home location server by the terminal.
  • the transceiver may switch from the second network back to the first network after the terminal obtains authenticated access to the home location server using the second network.
  • the terminal may also include a processor configured to obtain authenticated access to the home location server using the second network.
  • the processor may also be configured to obtain authorization for the discovered location server from the home location server, and to access the discovered location server using the first network based on the obtained authorization from the home location server.
  • an apparatus for obtaining authorized access to a discovered location server.
  • the apparatus may include means for switching from a first network that does not support authenticated access to a home location server by a terminal to a second network that does support authenticated access to the home location server by the terminal.
  • the apparatus may also include means for obtaining authenticated access to the home location server using the second network, and means for obtaining authorization for the discovered location server from the home location server.
  • the apparatus may also include means for switching from the second network back to the first network, and means for accessing the discovered location server using the first network based on the obtained authorization from the home location server.
  • a non-transitory processor-readable medium may include processor-readable instructions configured to cause a processor to switch from a first network that does not support authenticated access to a home location server by a terminal to a second network that does support authenticated access to the home location server by the terminal.
  • the processor-readable instructions may also cause the processor to obtain authenticated access to the home location server using the second network, obtain authorization for a discovered location server from the home location server, switch from the second network back to the first network, and access the discovered location server using the first network based on the obtained authorization from the home location server.
  • a method for obtaining authorized access from a terminal to a secure user plane location (SUPL) platform.
  • the method may include switching from a first network that does not support authentication of the terminal to a second network that does support authentication of the terminal.
  • Authenticated access to a first SUPL platform may be obtained using the second network.
  • Authorization for a second SUPL platform may then be obtained from the first SUPL platform.
  • the terminal may then switch from the second network back to the first network.
  • the terminal may then access the second SUPL platform using the first network based on the obtained authorization from the first SUPL platform.
  • an apparatus may include one or more communication modules configured to access a first network and a second network.
  • the apparatus may be configured to access a first secure user plane location platform using the first network and to access a second secure user plane location platform using the second network.
  • the first secure user plane location platform may comprise a home secure user plane location (SUPL) location platform (H-SLP) and/or the second secure user plane location platform may comprise a discovered secure user plane location (SUPL) location platform (D-SLP).
  • the apparatus may be configured to attempt access to the H-SLP using the second network, and to access the H-SLP using the first network if access to the H-SLP over the second network fails.
  • FIG. 1 is a graphical illustration of an example wireless network environment that can be employed in conjunction with the various systems and methods described herein.
  • FIG. 2 illustrates exemplary apparatuses of various embodiments.
  • FIGS. 3A, 3B, and 3C are exemplary illustrations of steps associated with various embodiments.
  • FIGS. 4A, 4B, and 4C are exemplary illustrations of steps associated with other various embodiments.
  • FIGS. 5A, 5B, and 5C illustrate exemplary flowcharts describing steps of various embodiments.
  • FIG. 6 is an exemplary computer system of various embodiments.
  • CDMA Code Division Multiple Access
  • TDMA Time Division Multiple Access
  • FDMA Frequency Division Multiple Access
  • OFDMA Orthogonal FDMA
  • SC-FDMA Single-Carrier FDMA
  • a CDMA network may implement a radio technology such as Universal Terrestrial Radio Access (UTRA), CDMA2000, etc.
  • UTRA includes Wideband-CDMA (W-CDMA) and Low Chip Rate (LCR).
  • CDMA2000 covers IS-2000, IS-95 and IS-856 standards.
  • a TDMA network may implement a radio technology such as Global System for Mobile Communications (GSM).
  • An OFDMA network may implement a radio technology such as Evolved UTRA (E-UTRA), IEEE 802.11, IEEE 802.16, IEEE 802.20, Flash-OFDM®, etc.
  • E-UTRA is part of Universal Mobile Telecommunication System (UMTS).
  • UTRA, E-UTRA, GSM, UMTS and LTE are described in documents from 3GPP.
  • CDMA2000 is described in documents from an organization named “3rd Generation Partnership Project 2” (3GPP2). These various radio technologies and standards are known in the art.
  • SC-FDMA may have similar performance and overall complexity as those of an OFDMA system.
  • An SC-FDMA signal may have a lower peak-to-average power ratio (PAPR) because of its inherent single carrier structure.
  • SC-FDMA has drawn great attention, especially in uplink communications, where lower PAPR greatly benefits the mobile terminal in terms of transmit power efficiency. It is currently a working assumption for the uplink multiple access scheme in 3GPP Long Term Evolution (LTE), or Evolved UTRA.
  • An access terminal can also be called a system, subscriber unit, subscriber station, mobile station, mobile, remote station, remote terminal, mobile device, user terminal, terminal, wireless communication device, user agent, user device, user equipment (UE) or, in the case that SUPL is supported, a SUPL Enabled Terminal (SET).
  • An access terminal can be a cellular telephone, a cordless telephone, a Session Initiation Protocol (SIP) phone, a wireless local loop (WLL) station, a personal digital assistant (PDA), a handheld device having wireless connection capability, a computing device, a smartphone, a tablet, a laptop or other processing device connected to or containing a modem, for example a wireless modem.
  • SIP Session Initiation Protocol
  • WLL wireless local loop
  • PDA personal digital assistant
  • a base station can be utilized for communicating with access terminal(s) and can also be referred to as an access point, Node B, Evolved Node B (eNodeB), access point base station, a WiFi access point, a Femtocell, a Home Base Station, a Home Node B, a Home evolved Node B or some other terminology.
  • an access point (AP) 100 includes multiple antenna groups, one including 104 and 106, another including 108 and 110, and an additional including 112 and 114.
  • In FIG. 1, only two antennas are shown for each antenna group; however, more or fewer antennas may be utilized for each antenna group. For example, only one or two total antennas may be included or attached to the AP 100.
  • Access terminal 116 (AT) is in communication with antennas 112 and 114, where antennas 112 and 114 transmit information to access terminal 116 over forward link 120 and receive information from access terminal 116 over reverse link 118.
  • ATs may include SETs, mobile phones, PDAs, wireless tablets, and the like.
  • Access terminal 122 is in communication with antennas 106 and 108, where antennas 106 and 108 transmit information to access terminal 122 over forward link 126 and receive information from access terminal 122 over reverse link 124.
  • communication links 118, 120, 124 and 126 may use different frequencies for communication.
  • forward link 120 may use a different frequency than that used by reverse link 118.
  • Each group of antennas and/or the area in which they are designed to communicate may be referred to as a sector of the access point.
  • antenna groups each are designed to communicate to access terminals in a sector of the areas covered by access point 100.
  • the transmitting antennas of access point 100 may utilize beamforming in order to improve the signal-to-noise ratio of forward links for the different access terminals 116 and 122. Also, an access point using beamforming to transmit to access terminals scattered randomly through its coverage may cause less interference to access terminals in neighboring cells than an access point transmitting through a single antenna to all its access terminals. In some embodiments, beamforming is not performed.
  • a base station may be used in addition to or instead of the AP 100.
  • a first transmitter such as the AP 100 may provide access to a first network while a second transmitter, for example a cellular base station, may provide access to a second network.
  • the areas in which each of the first transmitter and second transmitter may be accessed overlap.
  • FIG. 2 is a block diagram of an embodiment of a transmitter system 210 (which may, for example, implement the access point 100) and a receiver system 250 (which may, for example, implement the access terminal 116) in a MIMO system 200.
  • MIMO is not used in some embodiments, as other systems may be used (e.g. SISO, MISO, SIMO, etc.).
  • TX transmit
  • each data stream is transmitted over a respective transmit antenna.
  • TX data processor 214 formats, codes, and interleaves the traffic data for each data stream based on a particular coding scheme selected for that data stream to provide coded data.
  • the coded data for each data stream may be multiplexed with pilot data using OFDM techniques.
  • the pilot data is typically a known data pattern that is processed in a known manner and may be used at the receiver system to estimate the channel response.
  • the multiplexed pilot and coded data for each data stream is then modulated (i.e., symbol mapped) based on a particular modulation scheme (e.g., BPSK, QPSK, M-PSK, or M-QAM) selected for that data stream to provide modulation symbols.
  • the data rate, coding, and modulation for each data stream may be determined by instructions performed by processor 230.
  • The modulation symbols for all data streams are then provided to a TX MIMO processor 220, which may further process the modulation symbols (e.g., for OFDM). TX MIMO processor 220 then provides NT modulation symbol streams to NT transmitters (TMTR) 222a through 222t. In certain embodiments, TX MIMO processor 220 applies beamforming weights to the symbols of the data streams and to the antenna from which the symbol is being transmitted.
  • Each transmitter 222 receives and processes a respective symbol stream to provide one or more analog signals, and further conditions (e.g., amplifies, filters, and upconverts) the analog signals to provide a modulated signal suitable for transmission over the MIMO channel.
  • NT modulated signals from transmitters 222a through 222t are then transmitted from NT antennas 224a through 224t, respectively.
  • the transmitted modulated signals are received by NR antennas 252a through 252r and the received signal from each antenna 252 is provided to a respective receiver (RCVR) 254a through 254r.
  • Each receiver 254 conditions (e.g., filters, amplifies, and downconverts) a respective received signal, digitizes the conditioned signal to provide samples, and further processes the samples to provide a corresponding “received” symbol stream.
  • An RX data processor 260 then receives and processes the NR received symbol streams from NR receivers 254 based on a particular receiver processing technique to provide NT “detected” symbol streams.
  • the RX data processor 260 then demodulates, deinterleaves, and decodes each detected symbol stream to recover the traffic data for the data stream.
  • the processing by RX data processor 260 is complementary to that performed by TX MIMO processor 220 and TX data processor 214 at transmitter system 210.
  • a processor 270 periodically may determine which pre-coding matrix to use. Processor 270 may formulate a reverse link message comprising a matrix index portion and a rank value portion.
  • the reverse link message may comprise various types of information regarding the communication link and/or the received data stream.
  • the reverse link message is then processed by a TX data processor 238, which also receives traffic data for a number of data streams from a data source 236, modulated by a modulator 280, conditioned by transmitters 254a through 254r, and transmitted back to transmitter system 210.
  • Two or more receiver, transmitter, and antenna groups may be configured to access separate networks, for example a WLAN network and an LTE, WCDMA, or cdma2000 HRPD network.
  • a single receiver, transmitter, and antenna group may be configured to access at least two separate networks.
  • a plurality of processors may be included to process communications and/or data for a plurality of networks.
  • a single processor may be configured to process communications and/or data for a plurality of networks.
  • the modulated signals from receiver system 250 are received by antennas 224, conditioned by receivers 222, demodulated by a demodulator 240, and processed by an RX data processor 242 to extract the reverse link message transmitted by the receiver system 250.
  • Processor 230 determines which pre-coding matrix to use for determining the beamforming weights, then processes the extracted message.
  • Apparatuses, methods, systems and computer-readable media for obtaining secure connections to a discovered location server are presented.
  • location solutions and associated location servers that enable and assist such location solutions are becoming more widely deployed.
  • One example of such a location solution is the SUPL solution defined by the OMA.
  • Another example is the CP location solution defined by 3GPP.
  • location servers can sometimes be restricted to supporting the location of mobile devices in small or medium sized geographic areas (e.g. a shopping mall, airport, town or city).
  • a location server may need to first be discovered by a mobile device and then authorized for use by some trusted entity such as a mobile device's home network or a home network location server.
  • a potential problem in this case may be an inability to obtain access to the home network or home network location server in a way that allows the home network or home network location server to authenticate the mobile device before providing or authorizing the addresses of one or more local location servers authorized to provide location services to the mobile device.
  • This problem may particularly apply when a mobile device uses some local intranet (e.g. a WiFi network) to access a local location server as the local intranet may not allow access or authenticated access to the mobile device's home network or home network location server.
  • an access terminal may discover a location server that is accessible over some network A that the AT is currently using.
  • the address of the location server may be provided (e.g. broadcast) by base stations and access points, e.g., the AP 100, belonging to the network A and thus be freely accessible to the AT.
  • the AT may query some entity in network A for the address (e.g. may perform a query using the IETF Dynamic Host Configuration Protocol (DHCP)) or the AT may be provided with the address on attachment to network A or may be provided with the address by some other means.
  • DHCP Dynamic Host Configuration Protocol
  • the AT may wish to access the discovered location server for various reasons, including for location services, rather than any home location server that the AT may have. This may be because the discovered location server may provide better services in the particular area in which the AT is currently located (e.g. the AT may be roaming in a remote area from the home server, or is inside a building or other structure for which the home server has little or no information), or for any other reason of a variety of reasons.
  • the AT may need to have the discovered location server authorized by the home location server, for example, in order to comply with standards bodies and to ensure that the discovered location server may be trusted by the AT to provide the services and to not provide unauthorized access or information of the AT to other parties.
  • the AT may receive information from its home location server (e.g. security certificates) before accessing the discovered location server to enable the discovered location server to authenticate the AT and thereby reliably bill the AT user or home network for any services, if such a commercial arrangement has been set up.
  • network A may be an internal intranet for some organization or venue and have no access to a public network or network A may have access to a public network and enable the AT to communicate with its home location server, but the home location server may not be able to authenticate the AT.
  • network A is a wireless local area network (WLAN) with public network access
  • the IP address of the AT may be assigned by the WLAN and would not be known to or verifiable by the home location server or to the AT user's home network.
  • H-SLP home SUPL Location Platform
  • MSISDN Mobile Station Integrated Services Digital Network
  • IMSI International Mobile Subscriber Identity
  • network A, the AT's home network, or intermediate routers, gateways or networks may place restrictions on communication with the AT's home network, or the AT may not be authorized in network A for such communication.
  • network A may be congested or otherwise have low bandwidth availability, presenting the AT with too many interruptions, delays, or collisions.
  • the AT may tune away from network A to another network B (e.g. an LTE, WCDMA or cdma2000 High Rate Packet Data (HRPD) network) that allows communication with the home location server and enables authentication of the AT by the home location server.
  • authentication mechanisms may be used by a home location server in some embodiments when an AT accesses it from an LTE, WCDMA or HRPD network because the home server can verify the AT identity from the IP address the AT uses to access the home server. This verification can be possible because the home network of the AT can be aware of the IP address assigned to the AT (e.g. from an association with a global address for an AT such as an IMSI or MSISDN) or can query for the AT identity (e.g. IMSI or MSISDN) knowing the IP address.
  • FIGS. 3A, 3B, and 3C illustrate the aforementioned mechanics according to some embodiments.
  • the terms “discovered location server” and “discovered server” are used synonymously, as are the terms “home location server” and “home server.”
  • example network scenario 300 shows an AT, for example the AT 116, within coverage of Network A.
  • the AT has discovered a discovered server but does not yet have authorized access to it.
  • the AT is unable to access the discovered server to obtain support for location services such as (i) obtaining assistance data from the discovered server to enable the AT to locate itself from measurements made by the AT of access points belonging to network A or (ii) having the discovered server locate the AT from measurements made by the AT and/or by network A of the AT.
  • the measurements may comprise timing and signal strength measurements for nearby base stations (e.g. AP 100 ), timing measurements for global navigation satellites, round trip time (RTT) measurements, received signal strength indicator (RSSI) measurements, assisted global navigation satellite system (GNSS) measurements, and the like.
  • Network A does not support authentication means for the AT, and thus cannot signal to the discovered server any sufficient authentication information for the AT and thereby allow the discovered server to authenticate the AT (e.g. to enable subsequent billing of the AT or the home network of the AT for any location services provided to the AT by the discovered server). Further, the AT may be able to obtain such authentication information (to enable authentication of the AT by the discovered server) through its home server, but network A may provide no means to reach the home server or no means for the home server to authenticate the AT if the home server can be reached. In addition, even when the discovered server is able to authenticate the AT via network A or does not need to authenticate the AT (e.g.
  • the AT may not be able to access the home server from network A to obtain authorization of the discovered server or may be able to access the home server via network A but be unable to authenticate the home server or unable to be authenticated by the home server.
  • impediments may be due to various reasons, including network A having no access to a public network such as the Internet, the home network having no means to verify an IP address assigned by network A, restrictions on communication imposed by network A, the home network or intermediate entities, having too much traffic in network A, lacking proper network configurations to access the home server, or other impediments.
  • the AT may then switch to a second network, network B, that enables authenticated access to the home server, as shown in example network scenario 325 .
  • the AT may then connect to the home server in an effort to ultimately connect to the discovered server found back in Network A.
  • network B may enable one or more of the following capabilities: (i) access to the home server by the AT; (ii) authentication of the AT by the home server; (iii) authentication by the AT of the home server; (iv) discovery of the discovered server by the AT from the home server; (v) authorization of the discovered server by the home server including information that tells the AT under what circumstances (e.g. at which locations or from which networks) it may access the discovered server; (vi) provision of information from the home server to the AT to enable authentication of the AT by the discovered server; and (vii) provision of information by the home server to the AT to enable authentication of the discovered server by the AT.
  • These enabled capabilities may not be supported by network A in the scenario shown in FIG. 3A , thereby initially preventing access by the AT to the discovered server.
  • the AT then switches back to Network A, now having made use of any of the capabilities (i), (ii), (iii), (iv), (v), (vi) and (vii) described above and possessing any information obtained as a consequence of these capabilities such as authentication or authorization information to access the discovered server.
  • the AT may then access the discovered server via network A to obtain location services. Access to the discovered server via network A rather than network B may be preferred or even necessary—e.g. because the discovered server is on a private intranet not reachable from a public network such as network A or because the discovered server only provides location services in association with access from network A or because usage charges to the user of the AT when using network A are less than those when using network B.
  • When the AT accesses the discovered server via network A, it may make use of information received from the home server via network B to (a) enable authentication of the AT by the discovered server (e.g. by making use of device certificates provided by the home server for this purpose), (b) enable authentication of the discovered server by the AT and/or (c) determine when the AT may and may not access the discovered server, for example.
  • An example AT, for example the AT 116, may be a secure user plane location (SUPL) enabled terminal (SET), which may be within transmission range of Network A.
  • The SET may have discovered an example type of discovered server, such as a discovered-SUPL location platform (D-SLP).
  • the SET may be unable to access the D-SLP at first because the SET cannot obtain authorization for the D-SLP and/or authentication information for the D-SLP from the SET's home SLP (H-SLP) which the SET may trust to provide secure authorization and authentication related information for the D-SLP.
  • Network A may not provide access to the SET's H-SLP or Network A may provide access but not support or enable authentication of the SET by the SET's H-SLP using a method such as the SUPL alternative client authentication (ACA) mechanism.
  • Such impediments may be due to various reasons, including network A having no access to a public network such as the Internet, the home network having no means to verify an IP address assigned by network A, restrictions on communication imposed by network A, the home network or intermediate entities, having too much traffic in network A, lacking proper network configurations to access the H-SLP, or other impediments.
  • The SET may then switch to a second network, Network B, that supports access to the H-SLP from the SET and authentication of the SET by the H-SLP using, in this example, the ACA authentication method, as shown in example network scenario 425.
  • the SET may then connect to the H-SLP in an effort to ultimately connect to the D-SLP found back in Network A.
  • Network A could be a WLAN
  • Network B could be an LTE, WCDMA or HRPD network, for example.
  • Networks A and B could be various other kinds of networks.
  • the H-SLP may authenticate the SET using the ACA method or some other method defined by OMA for SUPL such as use of device certificates or use of the Generic Bootstrapping Architecture (GBA).
  • the SET may authenticate the H-SLP using, for example, a public key certificate provided by the H-SLP.
  • the H-SLP may then provide the address of the D-SLP to the SET, may authorize the D-SLP to the SET, and/or may provide information (a) informing the SET under which conditions the D-SLP may be accessed and/or (b) enabling authentication of the SET by the D-SLP or authentication of the D-SLP by the SET.
  • The SET then switches back to Network A, now possessing sufficient information and/or authorization from the H-SLP to access the D-SLP, in network scenario 450.
  • the SET may then access the D-SLP via network A to obtain location services. Access to the D-SLP via network A rather than network B may be preferred or even necessary in some embodiments—e.g. because the D-SLP is on a private intranet not reachable from a public network or because the D-SLP only provides location services in association with access from network A or because usage charges to the user of the SET from network A are less than those for access from network B.
  • When the SET accesses the D-SLP via network A, it may make use of information received from the H-SLP via network B to (a) enable authentication of the SET by the D-SLP (e.g. by making use of device certificates provided by the H-SLP for this purpose), (b) enable authentication of the D-SLP by the SET and/or (c) determine when the SET may and may not access the D-SLP, for example.
  • a SET may need to access a discovered location server using a first network to obtain location services at its current location.
  • the SET may be aware (e.g. from configuration information) that it needs authorization and/or authentication information to access the discovered location server from a home location server.
  • the SET may not be able to obtain authenticated access to the home location server from the first network and may therefore be unable to obtain the authorization and/or authentication information using the first network, for example for one or more reasons consistent with any of the rationales discussed in the disclosures herein.
  • the first network could be any kind of digital network, and may be consistent with what is described as Network A in the preceding descriptions, for example.
  • the SET may tune away from the first network and may then switch to a second network that supports authenticated access of the SET to the home location server.
  • An example second network that may fit this description may be Network B according to the preceding descriptions.
  • The SET may be implemented by the AT 116 and/or the system 250, for example. In such embodiments, block 502 may be performed, for example, by at least the transceiver 252.
  • The SET may then obtain authenticated access to the home location server using the second network, for example with the processor 270 when the SET is implemented by the system 250.
  • The home location server may be an H-SLP and may be consistent with the descriptions in FIGS. 3A, 3B, 3C, 4A, 4B, and 4C.
  • The SET may then obtain authorization and/or authentication information for the discovered location server from the home location server, for example with the processor 270 when the SET is implemented by the system 250.
  • The authorization from the home location server may occur while using the second network.
  • The discovered location server may be a D-SLP and may be consistent with the descriptions in FIGS. 3A, 3B, 3C, 4A, 4B, and 4C.
  • The SET may then switch from the second network back to the first network, for example with the transceiver 252 when the SET is implemented by the system 250.
  • The SET may have obtained authorization for the discovered location server.
  • The SET may then access the discovered location server using the authentication obtained from the home location server while using the second network, for example with the processor 270 when the SET is implemented by the system 250.
  • Flowchart 530 may represent an alternative collection of method steps according to other embodiments. These descriptions may be consistent with any of the descriptions in FIGS. 1, 2, 3A, 3B, 3C, 4A, 4B, and 4C.
  • An AT may use a WLAN and discover a discovered server (e.g. discover the address of a previously unknown server being broadcast from the WLAN).
  • The AT used in this example may be consistent with the AT 116 and/or the system 250, for example.
  • Block 532 may be performed, for example, by at least the transceiver 252.
  • At block 534, the AT needs authorization for the discovered server from the home server and attempts to access the home server using a first network (e.g. a WLAN). If the AT cannot access the home server, for example, because the WLAN does not have access to a public network, the AT proceeds to block 542.
  • Block 534 may be performed, for example, by at least transceiver 252 and processor 270.
  • The AT attempts to set up a secure IP connection to the home server, using for example, Tx data processor 238 through transceiver 252.
  • the home server may reject the attempt to secure the IP connection. The rejection may be due to various reasons, including experiencing an intermittent failed connection, or lacking proper authentication means while at the first network, or other reasons.
  • The home server may indicate an authentication failure and send a message indicating the same to the AT. The AT may receive such indications at transceiver 252. For example, the home server may be unable to verify the IP address of the AT provided by the first network, and so authentication may fail.
  • The AT tunes away from the first network and switches to a second network that supports access to the home server and authentication of the AT by the home server, e.g. using transceiver 252.
  • the AT may obtain an IP address that the home server may ultimately recognize as assigned to a known global identity belonging to the AT.
  • the AT then obtains authenticated access to the home server using the second network.
  • Block 544 may be implemented, for example, by at least processor 270 and transceiver 252.
  • the AT requests and receives authorization for the discovered server and may also receive information to enable authenticated access to the discovered server.
  • the AT may now have sufficient authorization and possibly sufficient authentication information for the discovered server using the authenticated access obtained at the second network from the home server.
  • The AT then tunes away from the second network and back to the first network, for example with the transceiver 252 and/or the processor 270, in order to access the discovered server, for example because the discovered server cannot be accessed from the second network or because the second network provides lower access charges to the user of the AT.
  • the AT then obtains access to the discovered server, now being in the proper network and possessing sufficient authorization and optionally authentication information to access the discovered server.
  • The AT and discovered server may use device certificates to perform mutual authentication, with the device certificates possibly provided to the AT by the home server as part of block 546.
  • the discovered server may not authenticate the AT because discovered server access may be restricted to the first network and the discovered server may provide free location services to any AT using the first network.
  • the AT may obtain location services from the discovered server, e.g. may obtain location assistance data, local map data, computation of its location.
  • Flowchart 560 may represent an alternative collection of method steps according to other embodiments. These descriptions may be consistent with any of the descriptions in FIGS. 1, 2, 3A, 3B, 3C, 4A, 4B, and 4C. Flowchart 560 may provide an example implementation of FIG. 5B.
  • A SET may use a WLAN and discover a Discovered SUPL location platform (D-SLP) (e.g. discover the address of a previously unknown SLP being broadcast from the WLAN).
  • The SET used in this example may be consistent with the AT 116 and/or the system 250, for example.
  • Block 562 may be performed, for example, by at least the transceiver 252.
  • The SET needs authorization for the D-SLP from a home SUPL location platform (H-SLP) and attempts to access the H-SLP using a first network which may be the WLAN used to discover the D-SLP. If the SET cannot access the H-SLP, for example, because the first network does not have access to a public network, the SET proceeds to block 572.
  • Block 564 may be performed, for example, by at least transceiver 252 and processor 270.
  • The SET attempts to set up a secure IP connection to the H-SLP, using for example, Tx data processor 238 through transceiver 252.
  • the H-SLP may reject the attempt to secure the IP connection. The rejection may be due to various reasons, including experiencing an intermittent failed connection, or lacking proper authentication means while at the first network, or other reasons.
  • The H-SLP may indicate an authentication failure and send a message indicating the same to the SET. The SET may receive such indications at transceiver 252.
  • the H-SLP may be unable to verify the IP address provided by the first network, and so authentication may fail.
  • the H-SLP attempts to authenticate the SET using the ACA method but cannot verify the SET IP address (which was assigned by the WLAN).
  • The H-SLP either rejects the attempt to set up a secure IP connection, at block 568, or indicates ACA authentication failure to the SET, e.g. by sending a SUPL END message with appropriate error code, at block 570.
  • The SET tunes away from the first network and switches to a second network that supports authentication of the SET by the H-SLP, e.g. using transceiver 252.
  • the second network supports LTE.
  • the second network may support WCDMA, GSM or cdma2000 HRPD.
  • The SET may obtain an IP address that the H-SLP may ultimately recognize as assigned to the SET via association of the IP address with a known global identity for the SET such as an MSISDN or IMSI.
  • the SET then obtains authenticated access to the H-SLP using the second network.
  • Block 574 may be implemented, for example, by at least processor 270 and transceiver 252.
  • The SET requests and receives, using for example transceiver 252, authorization for the D-SLP from the H-SLP and may also receive information to enable authentication of the SET by the D-SLP or of the D-SLP by the SET.
  • the SET may now have sufficient authorization and possibly authentication information to enable access to the D-SLP using the authorization and possibly authentication information obtained at the second network from the H-SLP.
  • The SET then tunes away from the second network and back to the first network, for example with the transceiver 252 and/or the processor 270, in order to access the D-SLP, for example because the D-SLP cannot be accessed from the second network or because the second network provides lower access charges to the user of the SET.
  • the SET obtains access to the D-SLP, now being in the proper network and possessing sufficient authorization and possibly authentication information to access the D-SLP.
  • The SET and D-SLP may use device certificates to perform mutual authentication, e.g. with the device certificates provided to the SET by the H-SLP as part of block 576.
  • the mutual authentication may be consistent with SUPL 2.1 or SUPL 3.0 as defined by OMA.
  • the D-SLP may not authenticate the SET because D-SLP access may be restricted to the first network and the D-SLP may provide free location services to any SET using the first network.
  • the SET may obtain location services from the D-SLP, e.g. to obtain location assistance data, local map data, computation of its location.
  • an AT is unable to obtain authorization and possibly authentication information to enable access to a discovered location server using a first network and tunes away to a second network in order to obtain authenticated access to a home location server that is able to authorize the discovered location server and, if needed, provide information to allow subsequent authenticated access by the AT to the discovered location server.
  • the AT then tunes back to the first network in order to access the discovered location server.
  • the AT may not need to or may prefer not to tune back to the first network and may instead access the discovered location server using the second network or using some other third network different to the first and second networks.
  • such embodiments may reduce delay in accessing the discovered location server and may enable improved authentication either of the AT by the discovered location server or of the discovered location server by the AT than is possible when the AT accesses the discovered location server using the first network.
  • A computer system as illustrated in FIG. 6 may be incorporated as part of a computing device, which may implement, perform, and/or execute any and/or all of the features, methods, and/or method steps described herein.
  • The processor 610, memory 635, and communications subsystems 630 may be used to implement any or all of the blocks as shown in FIGS. 5A, 5B, and 5C.
  • computer system 600 may represent some of the components of a hand-held device.
  • FIG. 6 provides a schematic illustration of one embodiment of a computer system 600 that can perform the methods provided by various other embodiments, as described herein, and/or can function as the host computer system, a remote kiosk/terminal, a point-of-sale device, a mobile device, a set-top box, and/or a computer system.
  • FIG. 6 is meant only to provide a generalized illustration of various components, any and/or all of which may be utilized as appropriate.
  • FIG. 6, therefore, broadly illustrates how individual system elements may be implemented in a relatively separated or relatively more integrated manner.
  • The computer system 600 might also include a communications subsystem 630, which can include without limitation a modem, a network card (wireless or wired), an infrared communication device, a wireless communication device and/or chipset (such as a Bluetooth® device, an 802.11 device, a WiFi device, a WiMax device, cellular communication facilities, etc.), and/or the like.
  • The communications subsystem 630 may permit data to be exchanged with a network (such as the network described below, to name one example), other computer systems, and/or any other devices described herein.
  • The computer system 600 may further comprise a non-transitory working memory 635, which can include a RAM or ROM device, as described above.
  • The computer system 600 also can comprise software elements, shown as being currently located within the working memory 635, including an operating system 640, device drivers, executable libraries, and/or other code, such as one or more application programs 645, which may comprise computer programs provided by various embodiments, and/or may be designed to implement methods, and/or configure systems, provided by other embodiments, as described herein.
  • The methods of FIG. 5A, 5B, or 5C might be implemented as code and/or instructions executable by a computer (and/or a processor within a computer); in an aspect, then, such code and/or instructions can be used to configure and/or adapt a general purpose computer (or other device) to perform one or more operations in accordance with the described methods.
  • a set of these instructions and/or code might be stored on a computer-readable storage medium, such as the storage device(s) 625 described above.
  • The storage medium might be incorporated within a computer system, such as computer system 600.
  • the storage medium might be separate from a computer system (e.g., a removable medium, such as a compact disc), and/or provided in an installation package, such that the storage medium can be used to program, configure and/or adapt a general purpose computer with the instructions/code stored thereon.
  • These instructions might take the form of executable code, which is executable by the computer system 600 and/or might take the form of source and/or installable code, which, upon compilation and/or installation on the computer system 600 (e.g., using any of a variety of generally available compilers, installation programs, compression/decompression utilities, etc.) then takes the form of executable code.
  • Some embodiments may employ a computer system (such as the computer system 600) to perform methods in accordance with the disclosure. For example, some or all of the procedures of the described methods may be performed by the computer system 600 in response to processor 610 executing one or more sequences of one or more instructions (which might be incorporated into the operating system 640 and/or other code, such as an application program 645) contained in the working memory 635. Such instructions may be read into the working memory 635 from another computer-readable medium, such as one or more of the storage device(s) 625.
  • Execution of the sequences of instructions contained in the working memory 635 might cause the processor(s) 610 to perform one or more procedures of the methods described herein, for example one or more of the elements of the method described with respect to any of FIG. 5A, 5B, or 5C.
  • The terms “machine-readable medium” and “computer-readable medium,” as used herein, refer to any medium that participates in providing data that causes a machine to operate in a specific fashion.
  • various computer-readable media might be involved in providing instructions/code to processor(s) 610 for execution and/or might be used to store and/or carry such instructions/code (e.g., as signals).
  • a computer-readable medium is a physical and/or tangible storage medium.
  • Such a medium may take many forms, including but not limited to, non-volatile media, volatile media, and transmission media.
  • Non-volatile media include, for example, optical and/or magnetic disks, such as the storage device(s) 625.
  • Volatile media include, without limitation, dynamic memory, such as the working memory 635.
  • Transmission media include, without limitation, coaxial cables, copper wire and fiber optics, including the wires that comprise the bus 605, as well as the various components of the communications subsystem 630 (and/or the media by which the communications subsystem 630 provides communication with other devices).
  • transmission media can also take the form of waves (including without limitation radio, acoustic and/or light waves, such as those generated during radio-wave and infrared data communications).
  • the functions described may be implemented in hardware, software, firmware, or any combination thereof. If implemented in software, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
  • Computer-readable media may include computer data storage media.
  • Data storage media may be any available media that can be accessed by one or more computers or one or more processors to retrieve instructions, code and/or data structures for implementation of the techniques described in this disclosure. “Data storage media” as used herein refers to manufactures and does not refer to transitory propagating signals.
  • Such computer-readable media can comprise RAM, ROM, EEPROM, CD-ROM or other optical disk storage, magnetic disk storage, or other magnetic storage devices, flash memory, or any other medium that can be used to store desired program code in the form of instructions or data structures and that can be accessed by a computer.
  • Disk and disc includes compact disc (CD), laser disc, optical disc, digital versatile disc (DVD), floppy disk and blu-ray disc where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
  • the code may be executed by one or more processors, such as one or more digital signal processors (DSPs), general purpose microprocessors, application specific integrated circuits (ASICs), field programmable logic arrays (FPGAs), or other equivalent integrated or discrete logic circuitry.
  • The term “processor” may refer to any of the foregoing structure or any other structure suitable for implementation of the techniques described herein.
  • the functionality described herein may be provided within dedicated hardware and/or software modules configured for encoding and decoding, or incorporated in a combined codec. Also, the techniques could be fully implemented in one or more circuits or logic elements.
  • the techniques of this disclosure may be implemented in a wide variety of devices or apparatuses, including a wireless handset, an integrated circuit (IC) or a set of ICs (e.g., a chip set).
  • Various components, modules, or units are described in this disclosure to emphasize functional aspects of devices configured to perform the disclosed techniques, but do not necessarily require realization by different hardware units. Rather, as described above, various units may be combined in a codec hardware unit or provided by a collection of interoperative hardware units, including one or more processors as described above, in conjunction with suitable software and/or firmware stored on computer-readable media.
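
The tune-away procedure of flowchart 560 described above, as an added simulation that is not part of the patent text: the SET fails to obtain D-SLP authorization over the WLAN (H-SLP unreachable, or ACA fails because the WLAN-assigned IP cannot be tied to its identity), gets it over LTE, then returns to the WLAN. All class and function names, the addresses, IMSI and key are constructed, and the HMAC credential is an assumed stand-in for the device certificates the H-SLP may provide.

```python
import hashlib
import hmac
from dataclasses import dataclass, field


@dataclass
class Network:
    name: str
    reaches_h_slp: bool            # is the H-SLP reachable from this network at all?
    operator_vouches_for_ip: bool  # can the H-SLP tie an IP from here to an IMSI?
    ip_to_imsi: dict = field(default_factory=dict)

    def attach(self, imsi, ip):
        if self.operator_vouches_for_ip:
            self.ip_to_imsi[ip] = imsi   # binding the H-SLP can look up for ACA
        return ip


@dataclass(frozen=True)
class Authorization:
    d_slp: str
    allowed_networks: frozenset  # condition: networks the D-SLP may be used from
    credential: bytes            # assumed stand-in for a device certificate


def _tag(key, imsi, d_slp):
    return hmac.new(key, f"{imsi}|{d_slp}".encode(), hashlib.sha256).digest()


class HomeSLP:
    def __init__(self, authorized_d_slps, key):
        self.authorized_d_slps = authorized_d_slps  # {address: frozenset(networks)}
        self.key = key                              # assumed shared with D-SLPs

    def aca_authenticate(self, imsi, ip, network):
        # ACA-style check: the source IP must be bound to the claimed identity.
        return network.ip_to_imsi.get(ip) == imsi

    def authorize(self, imsi, d_slp):
        networks = self.authorized_d_slps.get(d_slp)
        if networks is None:
            return None                             # server unknown to the H-SLP
        return Authorization(d_slp, networks, _tag(self.key, imsi, d_slp))


class DiscoveredSLP:
    def __init__(self, address, key):
        self.address, self.key = address, key

    def serve(self, imsi, credential):
        return hmac.compare_digest(_tag(self.key, imsi, self.address), credential)


class SET:
    def __init__(self, imsi, h_slp):
        self.imsi, self.h_slp = imsi, h_slp
        self.network = self.ip = None
        self.authorizations, self.trace = {}, []

    def attach(self, network, ip):
        self.network, self.ip = network, network.attach(self.imsi, ip)
        self.trace.append(f"attach:{network.name}")

    def request_authorization(self, d_slp):
        if not self.network.reaches_h_slp:
            outcome = "unreachable"
        elif not self.h_slp.aca_authenticate(self.imsi, self.ip, self.network):
            outcome = "aca-failure"
        else:
            auth = self.h_slp.authorize(self.imsi, d_slp)
            if auth is not None:
                self.authorizations[d_slp] = auth
            outcome = "authorized" if auth is not None else "not-authorized"
        self.trace.append(f"h-slp:{outcome}")
        return outcome == "authorized"

    def access(self, server):
        # Never use a discovered server without H-SLP authorization, and only
        # from a network the authorization allows.
        auth = self.authorizations.get(server.address)
        ok = (auth is not None and self.network.name in auth.allowed_networks
              and server.serve(self.imsi, auth.credential))
        self.trace.append(f"d-slp:{'served' if ok else 'refused'}")
        return ok


def run_flow(wlan_reaches_h_slp, discovered_address="d-slp.venue.example"):
    key = b"constructed-demo-key"
    wlan = Network("wlan", wlan_reaches_h_slp, operator_vouches_for_ip=False)
    lte = Network("lte", True, operator_vouches_for_ip=True)
    h_slp = HomeSLP({"d-slp.venue.example": frozenset({"wlan"})}, key)
    d_slp = DiscoveredSLP(discovered_address, key)   # address broadcast by the WLAN
    s = SET("001010123456789", h_slp)                # constructed test IMSI

    s.attach(wlan, "192.0.2.10")                     # first network
    if not s.request_authorization(d_slp.address):
        s.attach(lte, "198.51.100.7")                # tune away to second network
        if not s.request_authorization(d_slp.address):
            return False, s.trace                    # H-SLP did not authorize it
        s.attach(wlan, "192.0.2.10")                 # tune back to first network
    return s.access(d_slp), s.trace


if __name__ == "__main__":
    print(run_flow(wlan_reaches_h_slp=False))
```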

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Mobile Radio Communication Systems (AREA)
US13/762,231 2012-02-10 2013-02-07 Secure mechanism for obtaining authorization for a discovered location server Active 2033-06-10 US9100388B2 (en)

Priority Applications (10)

Application Number Priority Date Filing Date Title
US13/762,231 US9100388B2 (en) 2012-02-10 2013-02-07 Secure mechanism for obtaining authorization for a discovered location server
KR1020147024980A KR101615203B1 (ko) 2012-02-10 2013-02-08 Security mechanism for obtaining authorization for a discovered location server
KR1020167010121A KR20160049035A (ko) 2012-02-10 2013-02-08 Security mechanism for obtaining authorization for a discovered location server
ES13707947.1T ES2555169T3 (es) 2012-02-10 2013-02-08 Security mechanism for obtaining an authorization for a discovered location server
PCT/US2013/025447 WO2013120027A1 (en) 2012-02-10 2013-02-08 Secure mechanism for obtaining authorization for a discovered location server
JP2014556756A JP5922259B2 (ja) 2012-02-10 2013-02-08 Secure mechanism for obtaining authorization for a discovered location server
EP13707947.1A EP2813054B1 (en) 2012-02-10 2013-02-08 Secure mechanism for obtaining authorization for a discovered location server
CN201380008649.1A CN104106249B (zh) 2012-02-10 2013-02-08 Security mechanism for obtaining authorization of a discovered location server
CN201710397640.4A CN107257330A (zh) 2012-02-10 2013-02-08 Security mechanism for obtaining authorization of a discovered location server
US14/754,473 US9467856B2 (en) 2012-02-10 2015-06-29 Secure mechanism for obtaining authorization for a discovered location server

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US201261597704P 2012-02-10 2012-02-10
US13/762,231 US9100388B2 (en) 2012-02-10 2013-02-07 Secure mechanism for obtaining authorization for a discovered location server

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US14/754,473 Continuation US9467856B2 (en) 2012-02-10 2015-06-29 Secure mechanism for obtaining authorization for a discovered location server

Publications (2)

Publication Number Publication Date
US20130212649A1 US20130212649A1 (en) 2013-08-15
US9100388B2 true US9100388B2 (en) 2015-08-04

Family

ID=48946773

Family Applications (2)

Application Number Title Priority Date Filing Date
US13/762,231 Active 2033-06-10 US9100388B2 (en) 2012-02-10 2013-02-07 Secure mechanism for obtaining authorization for a discovered location server
US14/754,473 Active US9467856B2 (en) 2012-02-10 2015-06-29 Secure mechanism for obtaining authorization for a discovered location server

Country Status (7)

Country Link
US (2) US9100388B2 (ja)
EP (1) EP2813054B1 (ja)
JP (1) JP5922259B2 (ja)
KR (2) KR101615203B1 (ja)
CN (2) CN104106249B (ja)
ES (1) ES2555169T3 (ja)
WO (1) WO2013120027A1 (ja)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9100388B2 (en) 2012-02-10 2015-08-04 Qualcomm Incorporated Secure mechanism for obtaining authorization for a discovered location server
US9300376B2 (en) * 2013-07-05 2016-03-29 Samsung Electronics Co., Ltd. Transmitting apparatus, receiving apparatus, and control methods thereof
CN111885602B (zh) * 2020-07-27 2021-04-27 西南交通大学 A batch handover authentication and key agreement method for heterogeneous networks

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030236982A1 (en) * 2002-06-20 2003-12-25 Hsu Raymond T. Inter-working function for a communication system
US20060225090A1 (en) 2005-04-01 2006-10-05 Lg Electronics Inc. SUPL initialization message in a location information system and method and system for processing SUPL by using the same
EP1773076A1 (en) 2005-06-29 2007-04-11 Huawei Technologies Co., Ltd. A method for locating mobile terminal
US20080014962A1 (en) 2005-12-01 2008-01-17 Lg Electronics Inc. Location information system and method for performing notification based upon location
US20080133762A1 (en) * 2006-10-10 2008-06-05 Qualcomm Incorporated Registration of a Terminal With a Location Server for User Plane Location
US20080254809A1 (en) 2007-04-05 2008-10-16 Nokia Corporation Secure user plane location session initiation improvement
US20110207469A1 (en) 2010-02-25 2011-08-25 Motorola, Inc. Methods and apparatus for extended generic messaging in a networked geolocation system
US20120131329A1 (en) * 2009-05-15 2012-05-24 Zte Corporation Method and System for Accessing 3rd Generation Network

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
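KR20060004864A (ko) * 2004-07-10 2006-01-16 엘지전자 주식회사 Method and system for location notification of a mobile communication terminal
CN100391303C (zh) * 2004-12-15 2008-05-28 华为技术有限公司 A positioning report service method
KR100677510B1 (ko) * 2005-04-30 2007-02-02 엘지전자 주식회사 System and method for location information service in I-WLAN
CN101346638A (zh) * 2005-11-07 2009-01-14 高通股份有限公司 Positioning for WLAN and other wireless networks
KR20070108301A (ko) * 2005-12-01 2007-11-09 엘지전자 주식회사 Location information system for location-based notification and method thereof
CN101568063B (zh) * 2008-04-24 2011-08-10 华为技术有限公司 Method and system for implementing location service
CN101657013B (zh) * 2008-08-20 2011-12-28 华为技术有限公司 Positioning method in user plane positioning, system time synchronization method, and terminal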
US8301160B2 (en) * 2009-03-16 2012-10-30 Andrew Llc System and method for SUPL roaming using a held client
US8620270B2 (en) * 2009-10-06 2013-12-31 Mosaid Technologies Incorporated System and method providing interoperability between cellular and other wireless systems
US9100388B2 (en) 2012-02-10 2015-08-04 Qualcomm Incorporated Secure mechanism for obtaining authorization for a discovered location server

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
International Search Report and Written Opinion-PCT/US2013/025447-ISA/EPO-May 28, 2013.
Open Mobile Alliance: "Secure User Plane Location Architecture, Draft Version 3.0", Jan. 3, 2011, pp. 1-40, XP55026688, Retrieved from the Internet: URL:http://member.openmobilealliance.org/ftp/Public documents/LOC/Permanent documentS/OMA-AD-SUPL-V3-0-20110103-D.zip [retrieved on May 9, 2012] paragraph [5.2.2.1.1]; figure 1 paragraph [0B.5]; figure 11.
Tcs Systems: "SLP Discovery Models and Mechanisms", Dec. 15, 2010, pp. 1-11, XP55026932, Retrieved from the Internet: URL:http://member.openmobilealliance.org/ftp/Public documents/LOC/2010/OMA-LOC-2010-0316-INP-SUPL-3-0-TCS-SLP-Models-and-Discovery-Mechanisms.zip [retrieved on May 11, 2012] pp. 1-6, 10.

Also Published As

Publication number Publication date
KR20160049035A (ko) 2016-05-04
US20150373540A1 (en) 2015-12-24
EP2813054B1 (en) 2015-09-30
CN104106249B (zh) 2017-05-17
US20130212649A1 (en) 2013-08-15
KR101615203B1 (ko) 2016-04-25
WO2013120027A1 (en) 2013-08-15
JP5922259B2 (ja) 2016-05-24
JP2015507445A (ja) 2015-03-05
EP2813054A1 (en) 2014-12-17
KR20140129118A (ko) 2014-11-06
CN107257330A (zh) 2017-10-17
US9467856B2 (en) 2016-10-11
CN104106249A (zh) 2014-10-15
ES2555169T3 (es) 2015-12-29

Similar Documents

Publication Publication Date Title
CN109155908B (zh) Method and apparatus for emergency services support for non-cellular wireless access
US9491620B2 (en) Enabling secure access to a discovered location server for a mobile device
US8094651B2 (en) Emergency call services for wireless network roaming
EP3113524B1 (en) Methods and apparatus to support emergency services connectivity requests through untrusted wireless networks
EP3278581A2 (en) Techniques to support emergency services
US9467856B2 (en) Secure mechanism for obtaining authorization for a discovered location server
US20130344887A1 (en) D-slp service area detection using area id
US9420411B2 (en) Method and apparatus for configuring secure user plane location (SUPL) enabled terminals
US20240205813A1 (en) Method and apparatus to access core networks via gateway functions

Legal Events

Date Code Title Description
AS Assignment

Owner name: QUALCOMM INCORPORATED, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:HAWKES, PHILIP MICHAEL;WACHTER, ANDREAS KLAUS;BURROUGHS, KIRK ALLAN;AND OTHERS;SIGNING DATES FROM 20130228 TO 20130312;REEL/FRAME:030144/0895

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCF Information on status: patent grant

Free format text: PATENTED CASE

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 4TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1551); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 4

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 8TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1552); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 8